Hunting with Elastic Security: Unmasking concealed artifacts with Elastic Stack insights
Attackers thrive in the shadows, using MITRE ATT&CK® T1564 - Hide Artifacts to cloak their presence with hidden files, concealed processes, and manipulated registry keys. These stealth tactics allow adversaries to evade detection, persist undetected, and escalate their access — all while quietly exfiltrating data or disrupting operations. Imagine files, processes, and even …
Hunting with Elastic Security: Detecting credential dumping with ES|QL
In the shadowy depths of your network, whispers grow louder — something isn’t right. Adversaries are on the prowl, targeting the very keys to your kingdom: your credentials. T1003 - OS Credential Dumping is their weapon of choice to steal password hashes and sensitive authentication materials. They quietly harvest secrets to impersonate users, escalate privileges, and move …
Cross-Domain Attack Defense with Intel-Led Threat Hunting
1. Initial Entry and Exploitation. In the first stage of this attack, the adversary set up a command-and-control (C2-1 in Figure 1) infrastructure to launch their attack. They targeted a Linux Tomcat server, exploiting a known vulnerability to gain root access. Once inside, they conducted reconnaissance using standard tools like LDAP search to enumerate network shares and …
AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)
May 10, 2024, The Hacker News, Artificial Intelligence / Threat Hunting
Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of …
Why Managed Threat Hunting Should Top Every CISO’s Holiday Wish List
With the end of the year fast approaching, many of us are looking forward to a well-deserved break. However, security practitioners and security leaders worldwide are bracing themselves for what has become a peak period for novel and disruptive threats. In 2020, the holiday season was marked by the SUNBURST incident, and in 2021 the world grappled with Log4Shell. While we …
A Sneak Peek at the 2022 Falcon OverWatch Threat Hunting Report
Another turbulent year for cybersecurity finds itself right at home alongside global economic headwinds and geopolitical tensions. This year has been defined by rampant affiliate activity, a seemingly endless stream of new vulnerabilities and exploits, and the widespread abuse of valid credentials. These circumstances have conspired to drive a 50% increase in interactive …
Introducing Sandbox Scryer: A Free Threat Hunting Tool
Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output. The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in assembling indicators of compromise (IOCs), understanding attack movement and hunting threats. By allowing researchers to send thousands of samples to a …
Falcon OverWatch Elite in Action: Tailored Threat Hunting Services
The threat presented by today’s adversaries is as pervasive as it is dangerous — eCrime and state-nexus actors alike are attempting to infiltrate companies and organizations of all sizes and across all verticals. While technology is a powerful tool for performing routine or repeatable analysis, the only way to effectively hunt and contain sophisticated and determined cyber …
A comprehensive guide on threat hunting for persistence with osquery
While this might seem complex, the Elastic Osquery Manager integration supports an easy deployment across multiple endpoints and simplifies the collection and aggregation of data. It’s never been easier to implement osquery at scale. The Osquery Manager integration simplifies the deployment shown in Figure 1 by adding it to the policy assigned to the agents running on your …
Hunting pwnkit (CVE-2021-4034) in Linux
In November 2021, a vulnerability was discovered in a ubiquitous Linux module named Polkit. Developed by Red Hat, Polkit facilitates the communication between privileged and unprivileged processes on Linux endpoints. Due to a flaw in a component of Polkit — pkexec — a local privilege escalation vulnerability exists that, when exploited, will allow a standard user to elevate to …